General

  • Target

    7dd81613aae4d5f9046abccef050357e6ce1066e10a1b1b98de231dcded90309.exe

  • Size

    762KB

  • Sample

    241001-nl7a2sxbkn

  • MD5

    90b452d84800d6430baba6ef4a5b965d

  • SHA1

    d0597496e9fe52aeae9b299af9c23934b15bc1c7

  • SHA256

    7dd81613aae4d5f9046abccef050357e6ce1066e10a1b1b98de231dcded90309

  • SHA512

    3f805f25b6ae57fdeecb0c29275e9aab0d6cefe8e7ca162bab21b1631a1641ecd93b78fecd64a42d34baab2f34ee34e1e6bf2df30e86b15a5847c4035179ab8c

  • SSDEEP

    12288:rkYHTs61mU1+6hH5aFJeV/3iXPrQfkXmm1RhdLB9XKynVwGQIgNa61+:rkYHTv5dIFJeVDE2a61+

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • DCRat payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE
